Strengthen your security baseline

It’s always darkest before the dawn.

That’s why I believe we have a hope of correcting the terrible mess that Windows users are facing from constant patching to combat viruses, spam, and identity theft.

I wrote in the Sept. 23 issue of the Windows Secrets Newsletter that an astonishingly high 30% of American consumers had experienced online identity theft, according to Gartner Inc. This is just one of the many unacceptable, lawless assaults that we face, including ever-expanding waves of viruses, worms, spam, and phishing attacks.

I described in the June 3 issue five essential components of what I called the "security baseline." I now feel that a sixth component, upgrade-management software, must be added to my definition of the security baseline.

These are the minimum hardware devices and software applications, therefore, that are currently needed by any individual or company that connects a PC to the Internet:

  • Hardware firewall to make your systems invisible to "port scans" by hackers;
  • Software firewall to prevent worms from sneaking in or communicating out via your Internet connection;
  • Antivirus program to detect and eliminate infected files and e-mail attachments;
  • Antispam filter to prevent obviously bogus e-mail messages from reaching your Inbox and tempting you to click links to crooked Web sites;
  • Anti-adware scanner to delete adware, spyware, and browser hijackers in your system and prevent them from getting control in the future; and
  • Update-management software to handle today’s constant stream of patches and upgrades, whether the choice is Windows Update for individuals or a small-business or corporate package to handle 5 to 5,000 PCs.

Despite the undeniable value of all of the above, a majority of PC users don’t yet know what a firewall is, much less have one installed and properly configured. The Windows Secrets Newsletter, therefore, plans to redesign its content and dedicate itself to two goals this year:

  1. Explain the security baseline to consumers and executives alike; and

  2. Pressure retailers and ISPs to fix the PCs they sold or linked to the Net.

These are ambitious goals. But the current takeover of the Internet by thieves is extremely frightening and borders on making our cherished public resource too much of a hassle to use. We have to make computing safe again, and you can help.

Building a sea change in safe computing

As described at the top of this issue of the newsletter, we’re planning a series of free seminars in 2005 or 2006 in various countries and cities where we have a large number of readers. We’ll keep you informed in the coming months about our plans and the locales of these events.

Until then, we’re reorganizing the newsletter to make it pithier, tighter, and (at the same time) more useful to you.

It’s ironic that today’s wave of attacks is not just overwhelming Windows users with security assaults. It’s also overwhelming them with "security bulletins" they’re supposed to read and understand.

It’s great for security consultants to spend 40 hours a week studying these bulletins. But consumers and business executives simply can’t. One respected firm, Secunia, issued more than 350 security advisories in December 2004 alone.

There are scores of companies that generate an analysis of every threat and a summary of every Windows patch. The Windows Secrets Newsletter is taking a different approach.

We’re committing ourselves to give you information you can read in 10 minutes, twice a month, that will tell you primarily about those threats that would penetrate your security baseline. You can read more about these threats if you like. But if not, at least you’ll know what steps to take to protect yourself against the newest and most novel attacks for which no patches yet exist.

This approach makes the following assumption: You have your security baseline installed and constantly updated. (Be sure to see the June 3 newsletter for expert recommendations on products you need to install.)

To that end, we plan to add a sidebar that will appear in every issue (starting Jan. 27), summarizing the security baseline. The sidebar will link to the latest recommendations of top experts on the best free and inexpensive products in each of the required categories.

New sections for our most dedicated readers

In addition to the new sidebar, we’re adding four concise sections to the newsletter. Each will be written by experts who are dedicated to helping you understand the latest information at a glance.

These four new features are:

  • Briefing Session. What you need to know about the latest Windows tools and utilities, both free and commercial. (This feature, written by our associate editor Paul Thurrott, starts in this issue.)
  • Windows Patch Watch. Everyone’s aware that Microsoft releases a lot of patches. But what you really need to know is the negative side-effects of the patches and how to work around them. (Susan Bradley leads off this feature for the first time in this issue.)
  • Over the Horizon. How you can guard against known threats that patches are not yet available for. (This feature starts Jan. 27.)
  • Upgrade Management. Whether you’re responsible for a small home network or a corporate server farm, you can benefit from software that automates the upgrade process for you. (Starts Feb. 10.)

Turning today’s morass of warnings, alerts, and bulletins into a "need to know" section that you can skim in 10 minutes is going to cost us money. For this reason, the four new sections will appear in the longer, paid version of the newsletter. In this area, they can be supported by readers who’ve financially contributed to make this type of work possible.

We have no set fee for the extra information. Any subscriber to the free version can get the longer, paid version by making a contribution of any amount. We want this service to be available to anyone, whatever monetary value they may feel it has. If this effort is worth something to you, see the Here’s a Tip section below or use this link to upgrade.

As always, we’ll continue to put as much information as we can in the free version of the newsletter. We’ll continue to keep you up-to-date on whatever free sources of information we can find.

We’re all in this together, and we PC users need to support each other in every way we can to overcome the perps that are now running riot over the Net.

To send us more information about the security baseline, or to send us a tip on any other subject, visit You’ll receive a gift certificate for a book, CD, or DVD of your choice if you send us a comment that we print.

All Windows Secrets articles posted on 2005-01-13: